|
Mac OS X Security Update Fixes Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA15481
|
|
|
Release Date:
|
2005-06-09
|
|
Popularity:
|
10,957 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Unknown
Security Bypass
Exposure of system information
Exposure of sensitive information
Privilege escalation
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Apple Macintosh OS X
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2005-0524
CVE-2005-0525
CVE-2005-1042
CVE-2005-1043
CVE-2005-1333
CVE-2005-1343
CVE-2005-1720
CVE-2005-1721
CVE-2005-1722
CVE-2005-1723
CVE-2005-1724
CVE-2005-1725
CVE-2005-1726
CVE-2005-1727
CVE-2005-1728
|
|
Description:
Apple has issued a security update for Mac OS X, which fixes various vulnerabilities.
1) A boundary error in AFP Server within the support for legacy clients can be exploited to cause a buffer overflow.
Successful exploitation allows execution of arbitrary code.
2) A bug in AFP Server when using an ACL-enabled storage volume may in certain situations result in an ACL remaining attached when a file with POSIX-only permissions is copied.
3) An input validation error can be exploited to access arbitrary files on a Bluetooth-enabled system using directory traversal attacks via the Bluetooth file and object exchange services.
4) A weakness in CoreGraphics can be exploited via a specially crafted PDF document to crash an application using either PDFKit or CoreGraphics to rendor PDF documents.
5) An error in the CoreGraphics Window Server can be exploited by console users to gain escalated privileges by launching commands into a root session.
6) Insecure folder permissions are set on the system's cache folder and Dashboard system widgets.
7) A race condition in the temporary file creation of launchd can be exploited by malicious, local users to take ownership of arbitrary files on the system.
8) An error in LaunchServices can result in file extensions and MIME types marked as unsafe to bypass download safety checks if they're not mapped to an Apple UTI (Uniform Type Identifier).
9) A security issue in MCX Client may disclose Portable Home Directory credentials to local users.
10) A security issue in NFS causes a NFS export restricted using "-network" and "-mask" to be exported to "everyone".
11) Multiple vulnerabilities in PHP can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
For more information:
SA14792
12) A boundary error in vpnd can be exploited by malicious, local users to cause a buffer overflow via an overly long Server_id parameter and execute arbitrary code with escalated privileges on systems configured as a VPN server.
Solution:
Apply Security Update 2005-006.
Mac OS X 10.3.9:
http://www.apple.com/support/downloads/securityupdate2005006macosx1039.html
Mac OS X 10.4.1:
http://www.apple.com/support/downloads/securityupdate2005006macosx1041.html
Provided and/or discovered by:
3) Kevin Finisterre, digitalmunition.com.
4) Chris Evans
6) Michael Haller
7) Neil Archibald
12) Pieter de Boer
Original Advisory:
Apple:
http://docs.info.apple.com/article.html?artnum=301742
Other References:
SA14792:
http://secunia.com/advisories/14792/
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
